The interim Chief Internal Auditor outlined
the work undertaken by Internal Audit in respect of the 2017/18
Annual Plan. The report contained
the annual audit opinion for 2017/18.
As part of
internal audit’s professional standards (UK Public
Sector Internal Audit Standards) (PSIAS) the Internal Audit team
are responsible for delivering the annual audit opinion and to
report to those charged with governance in time to support the
Annual Governance Statement. The
standard sets out that the Annual Report must contain the overall
audit opinion, a summary of the work that supports the opinion and
a statement on conformance with PSIAS and the Local Government
Application Note, highlighting areas of non-conformance.

The underlying principles to the 2017/18 Plan
were outlined in the Audit Plan paper presented to and approved by
Members of the Audit and Standards Committee on 26 June
2017. During the year the Plan does
remain flexible, with some items being added to the Plan and other
items being deferred. Internal Audit
has its own performance standard, that they must deliver 90 per
cent of the audit work in the Plan.
This target has been exceeded.

The role of management and internal audit in
respect of the Plan was described. Audit opinions were awarded for
individual systems and compliance within one of the following three
categories:

Substantial
assurance

Adequate
assurance

Limited
assurance

Substantial and adequate assurance opinions
are positive opinions. Limited assurance is a negative
opinion. During the year the Committee
had received a number of limited assurance reports.

In terms of how the Internal Audit team form
their judgement of the overall audit opinion, work is categorised
into six areas and these categories were described in paragraph 7
of the report. The interim Chief
Internal Auditor went on to describe each of the 2017/18 Audit Plan
Outcomes for each category of work.

In terms of the High Risk Auditable Areas work
had been dominated during 2017/18 by the implementation of two new
IT systems. In December 2015 a decision
was taken to purchase Integra as the Finance Solution for both
schools and the County Council via Entrust – known as My
Finance. In June 2016 the decision was
taken to purchase iTrent as the HR
Solution for the County Council via a framework agreement set up by
Worcestershire County Council. This
system is known as MyHR. Both projects were successfully
launched. My HR went live on 1
September 2017, followed by My Finance on 6 November
2017. The implementation of these two
key fundamental IT systems was represented by two significantly
large projects spanning most of 2017/18 known as the SAP
replacement programme. Internal Audit
categorised this as “high risk” and dedicated a number
of days’ project support work to give ongoing and timely
assurance to senior management over the new control
environment. At the conclusion of the
project a number of internal audit reports were produced giving a
number of different opinions, detailed on a table on page 11 of the
report. The high level issues
...
view the full minutes text for item 4.

5.

Exclusion of the Public

The Chairman to move:-

“That
the public be excluded from the meeting for the following items of
business which involve the likely disclosure of exempt information
as defined in the paragraphs of Part 1 of Schedule 12A (as amended)
of the Local Government Act 1972 as indicated below”.

PART TWO

(reports in this
section are exempt)

Minutes:

RESOLVED – That the
public be excluded from the meeting for following items of business
which involve the likely disclosure of exempt information as
defined in the paragraphs of Part 1 of Schedule 12A (as amended) of
the Local Government Act 1972 as indicated below:

The Chairman introduced this
report. Members were asked to appoint
five Members to sit on the Special Panel of the Audit and Standards
Committee.

Members did question whether there was a need
to appoint Members to the Panel to consider remuneration on an
annual basis. The
benefits were seen as continuity and reassurance to the public of
an independent overview of Members’ allowances.

The Chairman proposed that Councillor
Trowbridge, Brookes, Oates, Wilson and Davis be appointed to sit on
the Panel.

RESOLVED: That Councillor
Trowbridge, Brookes, Oates, Wilson and Davis be appointed to sit on
the Panel.

The interim Chief Internal Auditor presented
the Audit Charter for 2018. The Charter had been presented to the
Committee for approval. There were two minor changes in the
Charter. The first change was in regard
to fraud and corruption related work highlighted on pages 390/391
of the report and the Role of Senior Leadership Members highlighted
on page 396 of the report.

The interim Chief Internal Auditor gave a
presentation on the proposed Internal Audit Strategy and Plan
2018/19 asking Members to note the balance between planned audit
work in key risk areas, and any emerging items that may arise
during the coming year. The Audit Team
has sufficient resources to deliver the Audit Plan.

The Internal Audit Strategy is a key
governance document. It is produced
annually and is brought to the Committee for approval each
year.

The Strategy sets out the risk assessment
process that the Council has adopted to produce their Internal
Audit Plan. There are number of key principles that the Team adopt
when producing the Plan. The Plan also
explains the Audit Team resources.

The methodology used to produce the Internal
Audit Plan was reviewed as part of the External Quality Assessment
and was positively reported upon by the external
assessor.

There are a number of audit areas identified
and as part of producing the Plan, the Plan is discussed with key
stakeholders including the Senior Leadership Team and members of
the Wider Leadership Team and Operational Management Team. The
fraud risk assessment is updated taking into account relevant
documents. Key partnerships are also
considered. Previous audit work is also
considered and past audit opinions. In
terms of the detailed risk assessment this is set out in the report
and the planned risk assessment methodology is detailed in Appendix
A to the report. Alternative sources of
assurances are also considered e.g. the work of external audit and
other inspection teams such as health and safety and the Peer
Review due in September. Susceptibility
to fraud is also considered as well as the stability of the
system.

A score is given for all the areas identified
in the risk assessment to give an overall percentage score. Scores
over 60 percent are considered high risk. Scores between 59 per cent and 40 per cent, medium
risk and scores below 39 per cent, low risk. On occasions audits are performed on low risk
areas. The percentage score acts as
guide. Within the audit strategy, key
principles are set out which are used to formulate the audit plan
and applied. The service is mindful of
when alternative sources of assurance can be given. ‘Top Ten Risk’ Reviews are identified
and key financial systems are conducted. A schools’ audit programme is developed
based upon a formal risk assessment. An
initial allocation of 200 days of audit time is given in the
counter fraud Plan to conduct Special Investigations. An initial contingency allocation is also made.
This is variable year on year and is included in the Internal Audit
Plan. Time is included to undertake
proactive counter fraud work. Compliance reviews are also included
in the Internal Audit Plan.

The Resource requirement indicates that the
County Council has allocated 2,065.5 days for audit work during the
year. In addition 354.5 days has been
allocated for external clients. The
total resource requirement for the coming year is 2,420 days and
this shows a reduction ...
view the full minutes text for item 17.

18.

Interim update report 2017-18

Verbal Update by Ernst & Young

Minutes:

The External Auditor gave an update on their
engagement with the audit cycle. He
outlined some of the work that had been done in regard to the risks
identified in the Plan reported to the Committee in March 2018.

In November 2017, Ernst &Young began their
early engagement in regard to audit of the change of the financial
system from SAP to Integra, seeking assurance regarding the date
when SAP would be switched off and what the implications would be
for accessing the data held in SAP.

The External Auditors tested a number of
transactions that were on the system for periods 1-6. These were designed to test the potential
significant risks around management override, fraud, revenue and
expenditure recognition, valuation of land and buildings and the
new general ledger system (value for money).

The Plan outlined a number of procedures to
get assurance in regard to management override and fraud in revenue
and expenditure recognition. The Plan outlined a number of
procedures that Ernst and Young would require to get assurance,
some aligned to year end procedures, but some could take place
earlier. Ernst and Young were pleased
to report that they had completed a ‘walk through’ of
13 out of 15 systems. The two
outstanding procedures being in regard to property, plant and
equipment (fixed assets) and year end
accruals. These would be completed next
week.

Journal entries that have been recorded in the
ledger have been tested in regard to periods 1-6 and there are no
issues. Period 7 to year end will now
be completed.

In terms of sampling a number of revenue and
expenditure transactions starting with period 1-6 in November and
period 7 to year end in February, to
date there are no issues to report arising from this
work. There are four areas where work
is outstanding, and the Finance Team have agreed to provide
information on these matters next week.

In terms of the Integra system, Ernst and
Young identified this as a risk, and commissioned their own risk
assessment team to complete an independent review of the data
migration from the old to the new system. The work has been substantially
completed.

In regard to land and buildings, the Council
had responded to a number of issues that Ernst and Young had
identified in regard to the valuation of land and buildings by
appointing external valuers. Ernst and
Young have appointed an in house team to review the work of the
external valuers. No issues have been identified to date or alerted
to the Audit Team. This will be reviewed again next week.

In terms of value for money, Ernst and Young
identified three risks: the financial resilience of the Council in
regard to the plans to address future financial challenges;
arrangements in respect of the delivering the Better Care Fund and
securing finances, and finally in regard to Entrust and the
material reduction in the Council’s stake in Entrust and
whether the Council had sufficient arrangements to monitor
...
view the full minutes text for item 18.

The interim Head of Audit and Financial
Services stated that on an annual basis the Committee are informed
of the annual audit fee by the auditors.

The planned fee for 2017/18 is
£109,755. This includes an
element for the Pension Fund, and is £84,511 for 2018/19. The
Council had opted into the national scheme managed by the Public
Sector Audit Appointments Limited for the appointment of their
external auditors with effect from 1 April 2018/2019 financial
year.

The external auditors stated that they had a
responsibility to advice the Council of its audit fees
annually.

The Director of Finance and Resources drew
Members’ attention to a gradual reduction in the fees, and to
the potential compromise in audit quality. Members asked if there was any way in which
further efficiencies could be achieved. The Director of Finance and
Resources stated that there may be opportunities for further
automation of systems. Ernst &
Young stated that they were also relying on data analytics that
enabled them to use data in a more efficient way.

The interim Head of Audit and Financial
Services stated that two additional meetings had been added to the
Forward Plan on 30 October and 29 January 2019 in an effort to
smooth out the volume of papers being presented to the
Committee.